- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Tue, 30 Sep 2008 10:16:06 -0500
- To: public-bpwg <public-bpwg@w3.org>, www-mobile@w3.org, public-mobileok-checker <public-mobileok-checker@w3.org>, public-ddwg@w3.org, public-geolocation@w3.org, public-uwa@w3.org, public-webapps@w3.org, public-html@w3.org, public-wsc-wg@w3.org
[sorry for the cross-posting, please don't reply-to-all] Hello, W3C just announced a call for participation to a Workshop on security for access to device APIs from the Web, in London on December 10-11 2008. http://www.w3.org/2008/security-ws/ A W3C Workshop is an opportunity for any interested parties to interact and exchange ideas on the topics under discussion. W3C Membership is NOT required to participate in a W3C Workshop. This workshop will focus on the *security challenges* involved in allowing Web applications and widgets to access the APIs that allow to control devices features such as cameras, GPS systems, connectivity and battery levels, external applications launch, access to personal data (e.g. calendar or addressbook), etc, not traditionally available from the Web environment. To participate to this workshop, interested parties need to submit a position paper relevant to this topic before *October 30 2008* to team-secure-web@w3.org. These position papers will be reviewed by the workshop program committee, and will serve as a basis for the agenda of the two days workshop. Submitters will be notified of acceptance of their papers by November 17. A position paper should: * explain your interest in the Workshop * be aligned with the Workshop's stated goals * be 5 to 10 pages long (2000 - 4000 words) * be formatted in (valid) HTML/XHTML, PDF, or plain text Interested parties are invited to inform the workshop organizers that they are planning to submit a position paper by sending as soon as possible an expression of interest to team-secure-web@w3.org, including the number of persons from their organizations that are planning to attend the workshop. Topics in scope for the workshop include: * Existing frameworks on desktop and mobile platforms to regulate security policies for specific APIs, * Similarities and differences of the security approaches in desktop and mobile platforms, in a browser and in a widgets environment, * Usability of security relevant user interactions; issues and opportunities in the mobile environment, * Safe language and API subsets, and models for application use of such subsets, * Policy based trust delegation mechanisms, * Reducing the attack surface exposed by Web page scripts * Role of authentication of users and applications in securing API access, * Increasing awareness of good security practices for Web applications, * Usability of security and privacy policies The discussions at this workshop are expected to be relevant in particular to the following W3C Working Groups: * Web Applications Working Group * Geolocation Working Group * Ubiquitous Web Applications Working Group * HTML Working Group * Web Security Context Working Group Should you have any question, please contact Dominique Hazael-Massieux <dom@w3.org>. Regards, Dom
Received on Tuesday, 30 September 2008 15:17:23 UTC